| ... | @@ -42,6 +42,8 @@ The nodes in the NDS cluster run a number of services. |
... | @@ -42,6 +42,8 @@ The nodes in the NDS cluster run a number of services. |
|
|
| systemd unit| nds-proxy |
|
|
| systemd unit| nds-proxy |
|
|
|
| role | load balancing proxy that distributes requests through all the worker nodes. Allows unauthenticated connections or GSSAPI authenticated connections |
|
|
| role | load balancing proxy that distributes requests through all the worker nodes. Allows unauthenticated connections or GSSAPI authenticated connections |
|
|
|
| config dir | /etc/ndsproxy |
|
|
| config dir | /etc/ndsproxy |
|
|
|
|
| config file | /etc/ndsproxy/ndsproxy.json |
|
|
|
|
| user acl list | /etc/ndsproxy/userfile.txt |
|
|
|
| number in cluster | 1 |
|
|
| number in cluster | 1 |
|
|
|
|
|
|
|
|
Other notes.
|
|
Other notes.
|
| ... | @@ -60,6 +62,9 @@ The proxy can act in a few roles: |
... | @@ -60,6 +62,9 @@ The proxy can act in a few roles: |
|
|
| nds-1.dcs:31205 | the internal r/o admin reporting interface (simple stats reporting, and config) |
|
|
| nds-1.dcs:31205 | the internal r/o admin reporting interface (simple stats reporting, and config) |
|
|
|
| nds-1.dcs:31206 | simple stats collection (for the nds2 io nodes ) |
|
|
| nds-1.dcs:31206 | simple stats collection (for the nds2 io nodes ) |
|
|
|
|
|
|
|
|
|
Authenticated access
|
|
|
|
|
|
|
|
The authenticated interface of the proxy needs a kerberos keytab, and a user list file. The user acl file is /etc/ndsproxy/userfile.txt it is generated by a cron job which takes the contents of /etc/ndsproxy/userfile.tmpl.txt, expands the group names using a LIGO.ORG LDAP replica to a final /etc/ndsproxy/userfile.txt. The proxy reloads the userfile list while it is running.
|
|
|
|
|
|
|
|
### NDS Metadata Server ###
|
|
### NDS Metadata Server ###
|
|
|
|
|
|
| ... | @@ -73,4 +78,24 @@ Notes: |
... | @@ -73,4 +78,24 @@ Notes: |
|
|
|
|
|
|
|
This service can be restarted as needed. Restarting will only interrupt current metadata requests, not data requests.
|
|
This service can be restarted as needed. Restarting will only interrupt current metadata requests, not data requests.
|
|
|
|
|
|
|
|
Requires the diskcache server to be running. |
|
Requires the diskcache server to be running. The service will query disk cache for the general existence of frames for each frame type.
|
|
|
|
|
|
|
|
### NDS2 IO Node ###
|
|
|
|
|
|
|
|
| item | description |
|
|
|
|
| ------ | ------ |
|
|
|
|
| systemd unit | nds2-io-node |
|
|
|
|
| role | This service speaks the full nds2 protocol and does the frame reading. It requires the use of a disk cache server to locate frames and a nds metadata server to query channel lists and availability. |
|
|
|
|
|
|
|
|
The nds2-io-node is a python process which speaks the NDS2 protocol. It can take its configuration via command line arguments, or be configured to pull its configuration from a central repository. The setup here pulls the configuration from the administrative interface on the proxy.
|
|
|
|
|
|
|
|
### Memcache ###
|
|
|
|
|
|
|
|
The memcached distributed network cache is used to cache recently used frame data. It is split over several nodes. The presence of the memcached instance is purely an optimization, the system will function with reduced speed if the cache is not available.
|
|
|
|
|
|
|
|
Memcached is not authenticated. The contents of the cache are protected via firewall rules which restrict access to the nds nodes.
|
|
|
|
|
|
|
|
| item | description |
|
|
|
|
| ------ | ------ |
|
|
|
|
| systemd unit | memcached |
|
|
|
|
| role | cache the frame data in memory | |
|
|
|
\ No newline at end of file |
